This invention relates generally to radio frequency identification (RFID), and more particularly to providing security in a RFID system.
Radio Frequency Identification (RFID) is an emerging and useful tool in manufacturing, supply chain management and inventory control. There are two key elements in a RFID system: a RFID tag, or transponder, that carriers object-identifying data; and a RFID reader, or transceiver, that reads and writes tag data. Basically, the tag reader broadcasts a radio frequency signal to access information stored on the tags nearby. This information can range from static identification numbers to user written data or data computed by the tag. Tags respond by transmitting back resident data, typically including a unique serial number or electronic product code (EPC), to the reader.
The availability of a low cost RFID tag, which may be referred to as a passive tag, is one of the reasons for widespread adoption of the RFID technology. However, the deployment of such tags may create new threats to user privacy due to the powerful tracking capability of the tags. As a result, it would be useful to implement a security scheme on the passive tags for addressing the privacy problem associated with RFID tags. However, providing security in RFID tags is a challenging task because they are highly resource constrained and cannot support strong cryptography.
RFID tags themselves have no access control function, thus, any reader can freely obtain information from them. Another security issue is related to the fact that since the communication between a tag and a reader is by radio, anyone can access the tag and obtain its output (e.g., attackers can eavesdrop on the communication channel between tags and readers). It would be desirable for a RFID system to provide an authentication scheme to protect the data passing between the tag and the reader by providing some kind of encryption capability.
Several solutions to providing RFID system security have been proposed. Some approaches entail using an extra device such as a Faraday cage, a blocker tag and active jamming. A Faraday cage is a container made of metal mesh or foil that is impenetrable by radio signals of certain frequencies. The Faraday cage protects the RFID tag from being read. It is easy to predict that RFID tags will inevitably see use in a vast range of objects that cannot be placed conveniently in containers, for example on clothing, in wrist watches, and even possibly on or in human beings. A blocker tag is a device that simulates the full spectrum of possible serial number tags, thereby obscuring the serial numbers of other tags. The use of active jamming involves having the consumer carry a device that actively broadcasts radio signals so as to block and/or disrupt the operation of any nearby RFID readers. In certain locations or applications, the use of active jamming to block or disrupt other systems may be illegal depending on the applicable government regulations. These three approaches to providing security in a RFID system require an additional device to be operated besides the tags and readers, and none of them provide a robust or easy to implement solution for providing security in an RFID system.
Other approaches to providing RFID system security may be referred to as radio frequency modification approaches. One such approach is to have the readers employing random frequencies so that unauthorized users may not easily detect the traffic or perform eavesdropping. Another method involves having the tags changing frequencies by utilizing specially designed tags to transmit signals over a reserved frequency indicating that they are being modified. Drawbacks of radio frequency modification approaches is that they imply changing runtime radio frequency, which means that complex circuits will be required and therefore, the cost of building such a device will be relative high. The cost of a tag is an important factor for the widespread adoption of a RFID solution in industry.
Another method may be referred to as the “kill tag” approach and it involves killing, or deactivating, RFID tags before they are put in the hands of consumers (e.g., when a product with a tag is purchased). A killed tag can never be reactivated and thus, this approach would not support the ability to scan the RFID tag when/if a product is returned to the place of purchase.
Due to the expected increase in the use of passive RFID tags, it would be desirable to implement a low cost security scheme for an RFID system that avoids the drawbacks of the current approaches described above.